G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Heraclitus Global Ltd are still valid.
Heraclitus Global Ltd

Analytics, BI and support

Accounting and finance softwares

Features

  • Accounting activities
  • Project management
  • Software development

Benefits

  • Effective project management
  • Quick and easy software development etc

Pricing

£100 to £2,500 a person

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rajeev.kumar@heraclitusglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

2 1 3 4 9 0 4 6 4 7 8 4 3 1 7

Contact

Heraclitus Global Ltd Rajeev Kumar
Telephone: 07581063508
Email: rajeev.kumar@heraclitusglobal.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
N/A
System requirements
Windows/Android/Linux

User support

Email or online ticketing support
Email or online ticketing
Support response times
24x7
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
User acceptance testing done with real users
Onsite support
Yes, at extra cost
Support levels
All types of support available based on requirement
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onsite training, online training and documentation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Export data
End-of-contract process
Additional cost depends on number of non-core features

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Chrome
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Depending on requirement, features can be customised

Scaling

Independence of resources
Scaling based on usage

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Never
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Export functionality available
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
SLA for each service/feature
Approach to resilience
Available on request
Outage reporting
Email alerts

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
IAM provides user access control to AWS services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and whether users authenticated via MFA devices.

API calls to launch/terminate instances, change firewalls, and perform other functions are signed by customers’ Amazon Secret Access Key (either the root AWS Account’s Secret Access Key or the Secret Access key of a user created with AWS IAM). Amazon EC2 API calls cannot be made on customers’ behalf without access to customers’ Secret Access Ke.

API calls can be encrypted with TLS/SSL for confidentiality and customers can use TLS/SSL-protected API endpoints.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Private security certification
Information security policies and processes
Policies and Framework document owned by Security officer

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Formal Change Board and Change management process is followed
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
AWS Security performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.

AWS Security monitors newsfeeds/vendor sites for patches and receives customer intelligence via http://aws.amazon.com/security/vulnerability-reporting/.

AWS customers are responsible for all scanning, penetration testing, file integrity monitoring and intrusion detection for their Amazon EC2 and Amazon ECS instances/ applications. Scans should include customer IP addresses (not AWS endpoints). AWS endpoint testing is part of AWS compliance vulnerability scans.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
AWS deploys (pan-environmental) monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:

• Port scanning attacks
• Usage (CPU, processes, disk utilization, swap rates, software-error generated losses)
• Application metrics
• Unauthorized connection attempts

Near real-time alerts flag potential compromise incidents, based on AWS Service/Security Team- set thresholds.

Requests to AWS KMS are logged via the account’s CloudTrail S3 bucket. Logs provide request information, under which CMK, and identify the AWS resource protected through the CMK use. Log events are visible to the customer after turning on AWS CloudTrail in their account.
Incident management type
Supplier-defined controls
Incident management approach
AWS adopts a three-phased approach to manage incidents:

1. Activation and Notification Phase
2. Recovery Phase
3. Reconstitution Phase

To ensure the effectiveness of the AWS Incident Management plan, AWS conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes as well as testing the systems for potential customer impact.

The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£100 to £2,500 a person
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Core features

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rajeev.kumar@heraclitusglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.